- wiki/OperatorAccessAssist.md: warden access contract, conduit-vs-broker
boundary, the three guardrails + catalog secret guard, lane semantics.
- AccessRouting.md: issue/route/assist roles; reconciled the anti-pattern
table so the transparent conduit no longer contradicts it.
- credential-routing.md rule: added warden access + "standing broker
forbidden, transparent --fetch sanctioned" anti-pattern.
- INTENT.md: pointer→assist charter extension. SCOPE.md: implemented
list + Getting Oriented + maturity A4→A5 (Availability).
- history decision record for the proxy-mode choice and guardrails.
WP-0014 finished (T1–T5). 172 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds a lane: secret|login field to RouteEntry. The login lane is an
interactive auth bootstrap: it skips the caller-auth precheck (no token
yet — that's the point) and the secret-read gate (it establishes the
identity the gate needs), runs the owner's login command interactively
as the caller via inherited stdio, and rejects --exec. The token stays
in the caller's own store; warden never captures it (G2 holds). Audited
as action: login. key-cape-oidc-login populated as the reference login
entry. Advisory proxy hint updated now that T3 has shipped.
172 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds transparent, policy-gated, audited proxy of a non-SSH credential
through `warden access`, for exec_capable lanes. Three guardrails in code:
- G1 caller identity: runs the owner's tool with the caller's own env;
warden injects no token of its own (caller_auth_present check).
- G2 transit-only: --fetch inherits stdout (never PIPE) so the value
never enters warden's memory or any log; --exec injects into the child
env only. Audit (access-audit.log) is metadata-only.
- G3 policy gate: check_fetch_policy runs before any fetch; with
policy.enabled=false the proxy refuses unless --no-policy is given.
resolve_fetch_command refuses unresolved <…> placeholders rather than
guess owner-side names. New warden/proxy.py + policy.check_fetch_policy;
tests/test_proxy.py asserts all three guardrails. 168 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds `warden access <need> [--domain X] [--json]`: resolves a credential
need against the routing catalog and renders the structured handoff
(owner, auth method, path template, command skeleton, policy gate
status, proxy hint). SSH lane points at `warden sign`; routed lanes end
"warden advises, the owner vends". New pure warden/access.py module
(expand_handoff, policy_gate_status) reused by the T3 proxy lane. JSON
output is stable and secret-free. tests/test_access.py added.
157 passed, lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds optional assist-layer fields (auth_method, path_template,
fetch_command, exec_capable, policy_ref) to RouteEntry, parsed and
secret-screened in catalog.py. Handoff fields are templates/pointers
only — _assert_no_secret_material rejects known token prefixes and
high-entropy runs, and exec_capable requires a fetch_command. The
openbao-api-key entry is populated as the reference example (covers the
coulomb_social npm shape).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Extends the routing charter from a pointer-layer to an assist-layer:
a `warden access` front door that advises for any credential need and
proxies the OpenBao/key-cape lanes as a transparent, policy-gated,
audited conduit — never holding or persisting secret values.
Registered in State Hub (workstream 3c30b2ed); T1 in progress.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add platform-secret playbooks for issue-core ingestion, OpenRouter llm-connect,
object-storage STS, and database dynamic credentials. Extend the routing catalog
with draft entries and implement `warden route list --stale` for quarterly drift
review. Document the review cadence in AccessRouting and mark the workplan finished.
Promote Inter-Hub bootstrap lane to active catalog with worker checklist,
attended/unattended branches, and flex-auth/OpenBao pointers. Mark WP-0012
T2/T3 done; ops-bridge tunnel playbook shipped in prior WP-0013 commit.
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
Apply the new 'tooling' category (reusable internal tooling/infrastructure)
from the Repo Classification Standard. First-pass agent classification.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
First-pass agent classification per the Repo Classification Standard v1.0
(canon-repo-classification); pending human review.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Agents can discover the activity-core → issue-core emission contract via
`warden route show activity-core-issue-sink` instead of messaging ops-warden
for ISSUE_CORE_API_KEY. The playbook points at owner-repo docs per the
no-double-source rule.
Add a read-only `warden route` command group (list/show/find) that reads
registry/routing/catalog.yaml and tells a worker which subsystem owns a need
and which wiki/canon doc to follow. ops-warden still executes exactly one lane
(SSH); routed entries return a pointer and never call any subsystem.
- src/warden/routing/: models.py + catalog.py loader; enforces the
no-double-source rule (non-SSH entries with steps/cert_command fail validation),
dup-id and schema checks.
- route list (active-only unless --all, --tag), route show (SSH appends steps +
cert pattern; routed ends with "next action on <owner> — see <wiki_ref>"),
route find (keyword ranking, --json).
- tests/test_routing.py: load/validation, find ranking, CLI JSON shapes, plus a
drift guard (every wiki_ref anchor resolves; every entry has a reviewed date).
- Docs: wiki/AccessRouting.md CLI section, README quick reference, SCOPE A3 -> A4.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
'wait' is a task-level status; valid workstream/workplan frontmatter statuses
are proposed/ready/active/blocked/backlog/finished/archived. The mislabeled
'wait' caused fix-consistency C-04 to 422 when syncing the workstream status.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Implements WARDEN-WP-0010 (charter + pointer catalog). ops-warden issues
short-lived SSH certificates and routes every other credential need to the
subsystem that owns it — no desk metaphor, one execution lane.
- wiki/AccessRouting.md: role/boundary, issue-vs-route matrix, anti-patterns
- registry/routing/catalog.yaml: machine-readable pointer layer (6 active + 1
draft). No-double-source rule enforced structurally — authored steps/cert_command
only on the warden_executes:true SSH entry; every wiki_ref anchor resolves
- wiki/CredentialRouting.md: catalog-keyed index + no-duplicate-interfaces note
- INTENT/SCOPE/AGENTS/repo-boundary/capability: aligned to the new framing;
SCOPE notes A3 -> A4 lands with WP-0011 warden route CLI
- WP-0011/0012 + WP-0010: state_hub id writeback; WP-0010 marked done
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Drop the "operational access desk" framing (and the rejected "coach"
metaphor) for plain language: ops-warden issues short-lived SSH certs and
routes every other credential need to its owner. SSH is the only lane it
executes.
Adds WARDEN-WP-0010/0011/0012 with a pointer-layer routing catalog that
points at owner docs rather than restating them, enforced structurally
(non-SSH entries carrying a steps block fail CI). Drops the scope-creep-prone
`check` command; hides unshipped-path scenarios as draft.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
SCOPE.md now documents where we are (R3 production sign), INTENT criteria
status, maturity vector, and workplan landscape. Add reassessment history;
point INTENT evolution notes at latest assessment.
Mark WP-0008 finished and move to archived/. Spin flex-auth production gate
to WARDEN-WP-0009. Update SCOPE and reassessment history for R3 reliability.
- Post-WP-0007 reassessment and SCOPE/README updates
- AGENTS.md + workplan-convention task status canon migration
- examples/warden.production.example.yaml for production OpenBao
- Archive WP-0004 through WP-0007 to workplans/archived/260617-*
- WP-0008 T1/T3/T4 done; T2/T5 wait on operator/flex-auth
Add policy.py client that calls flex-auth /v1/check before sign/issue when
policy.enabled is true. Record policy_decision_id in signatures.log. Default
off preserves existing inventory-only behavior. Document production OpenBao
health probe and update config/wiki references.
